Openssl 1.1.0 and certbot-auto


#1

Hi,

i upgraded openssl to version 1.1.0 and since then, i’m having problems. The latest one being that when i run certbot-auto renew command and it tries to update dependencies i get an error when updating Python packages:
Bootstrapping dependencies for Debian-based OSes…


build/temp.linux-x86_64-2.7/_openssl.c:73163:12: error: invalid application of ‘sizeof’ to incomplete type ‘RSA’
build/temp.linux-x86_64-2.7/_openssl.c:73163:5: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73163:5: error: (near initialization for ‘_cffi_struct_unions[131].size’)
build/temp.linux-x86_64-2.7/_openssl.c:73163:18: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73163:18: error: (near initialization for ‘_cffi_struct_unions[131].alignment’)
build/temp.linux-x86_64-2.7/_openssl.c:73167:12: error: invalid application of ‘sizeof’ to incomplete type ‘X509_STORE_CTX’
build/temp.linux-x86_64-2.7/_openssl.c:73167:5: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73167:5: error: (near initialization for ‘_cffi_struct_unions[133].size’)
build/temp.linux-x86_64-2.7/_openssl.c:73167:29: error: initializer element is not constant
build/temp.linux-x86_64-2.7/_openssl.c:73167:29: error: (near initialization for ‘_cffi_struct_unions[133].alignment’)
error: command ‘gcc’ failed with exit status 1

----------------------------------------

Command “/root/.local/share/letsencrypt/bin/python2.7 -u -c “import setuptools, tokenize;file=’/tmp/pip-build-6Hlugw/cryptography/setup.py’;exec(compile(getattr(tokenize, ‘open’, open)(file).read().replace(’
’, ‘
’), file, ‘exec’))” install --record /tmp/pip-uP5fq5-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography” failed with error code 1 in /tmp/pip-build-6Hlugw/cryptography
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/vendor/requests/packages/urllib3/util/ssl.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 8.0.3, however version 8.1.2 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.

I have the latest pip, nor is there a problem with memory, since i have 2Gigs of RAM and 1Gig of swap.

Please advise,
Best regards


#2

If I’m reading the code correctly, certbot-auto currently uses python-cryptography version 1.3.4, which does not appear to support OpenSSL 1.1.0.

You’ll probably have to wait for that dependency to be updated. Not sure if that’s being worked on. I believe a number of popular projects are not quite compatible with OpenSSL 1.1.0 yet, so I guess sticking with the previous release branch for a while longer (at least system-wide; you could still compile your (web)server against that release, if it’s supported) would make your life a bit easier for now. :smile:


Certbot Fails To Retrieve EC Certificate With Error Code 1
#3

Yeah, everything broke when i upgraded… From Ruby, to Python.

In risk of sounding silly, how do i switch branches? How do i set a system wide previous release?


#4

Depends a bit on how you installed 1.1.0. It might be as simple as deleting files belonging to openssl from /usr/local. If you didn’t manually uninstall the openssl-related packages your distribution comes with, they’ll probably be used again once those files are gone.


#5

Thanks.

I still have both instalations. The previous version in /usr and a new one in /usr/local. I’ll try that.

Thanks for your help.


#6

It worked… Just did make uninstall and everything is working top notch. Thanks again!


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.